Re: Session Issue
From: Nicole Calinoiu (calinoiu)
Date: 10/21/04
- Next message: SLY: "Mixing authentication type flags & By design Bug from MS ?"
- Previous message: Nicole Calinoiu: "Re: Session Issue"
- In reply to: Shabam: "Re: Session Issue"
Date: Thu, 21 Oct 2004 16:07:42 -0400
"Shabam" <blislecp@hotmail.com> wrote in message
news:Eq2dnS0UOqgGlOXcRVn-gg@adelphia.com...
> Checking for existence of data is good, but how about checking also when the
> client attempts to submit data? For instance, if user A were somehow able
> to pull up a configuration page for user B, (perhaps by copying user A's
> html source code), then try to submit that. Shouldn't the application check
> permissions again then?
Of course. You had mentioned GET requests which, by convention, do not
submit data for storage on the server, so I only covered reads. For writes,
you should probably also keep in mind that updates and additions may have
different permissions rules on at least some pages. In addition to read and
write operations, you might also need to consider deletions if your
application allows these.
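
The check discussed in this message, as an added example that is not part of the original thread: a Python sketch in which every request, read or write, is authorized against server-side session and ownership data, with separate rules for reads, additions, updates and deletions. The policy table, session ids, record names and the `handle`/`authorize` functions are all constructed assumptions.

```python
from enum import Enum

Op = Enum("Op", "READ CREATE UPDATE DELETE")

# Constructed policy: operations allowed per role, split by record ownership.
POLICY = {
    "user":  {"own": {Op.READ, Op.UPDATE}, "other": set()},
    "admin": {"own": set(Op), "other": {Op.READ, Op.UPDATE}},
}
# Constructed server-side state: session id -> (user, role), and stored records.
SESSIONS = {"sess-a": ("userA", "user"), "sess-b": ("userB", "user"),
            "sess-adm": ("root", "admin")}
CONFIGS = {"cfg-b": {"owner": "userB", "theme": "dark"}}

class Forbidden(Exception):
    pass

def authorize(session_id, op, record):
    """Check one operation using server-side identity and stored ownership only."""
    if session_id not in SESSIONS:
        raise Forbidden("no valid session")
    user, role = SESSIONS[session_id]
    # A record that does not exist yet would belong to the caller.
    scope = "own" if record is None or record["owner"] == user else "other"
    if op not in POLICY[role][scope]:
        raise Forbidden(f"{user} may not {op.name} this record")
    return user

def handle(session_id, method, record_id, form=None):
    """Authorize every request, reads and writes alike, before touching data."""
    record = CONFIGS.get(record_id)
    if method == "GET":
        op = Op.READ
    elif method == "DELETE":
        op = Op.DELETE
    else:  # POST: an addition if the record is new, otherwise an update
        op = Op.UPDATE if record is not None else Op.CREATE
    user = authorize(session_id, op, record)
    # Ownership is never taken from submitted form fields.
    fields = {k: v for k, v in (form or {}).items() if k != "owner"}
    if op is Op.CREATE:
        CONFIGS[record_id] = {"owner": user, **fields}
    elif record is None:
        raise LookupError(record_id)
    elif op is Op.UPDATE:
        record.update(fields)
    elif op is Op.DELETE:
        del CONFIGS[record_id]
    return CONFIGS.get(record_id)
```

With this policy, userB can update but not delete their own record, and userA's submission against `cfg-b` is rejected no matter what form was posted.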